From 6654d18596351f52193c6db6c779d2b97b7f4a62 Mon Sep 17 00:00:00 2001
From: Flavio Ceolin <flavio.ceolin@intel.com>
Date: Mon, 25 Sep 2023 13:00:57 -0700
Subject: [PATCH] ipm: mcux: Fix possible buffer overflow

It is possible to happen a buffer overflow in ipm_send callback
due a wrong comparison between signed/unsigned types.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
---
 drivers/ipm/ipm_mcux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/ipm/ipm_mcux.c b/drivers/ipm/ipm_mcux.c
index 176b858f20a..93267f5c58b 100644
--- a/drivers/ipm/ipm_mcux.c
+++ b/drivers/ipm/ipm_mcux.c
@@ -93,7 +93,7 @@ static int mcux_mailbox_ipm_send(const struct device *d, int wait,
 		return -EINVAL;
 	}
 
-	if (size > MCUX_IPM_DATA_REGS * sizeof(uint32_t)) {
+	if ((size < 0) || (size > MCUX_IPM_DATA_REGS * sizeof(uint32_t))) {
 		return -EMSGSIZE;
 	}